diff --git a/aws-ecsfargate-terraform/README.md b/aws-ecsfargate-terraform/README.md index 05b10f8..49a8353 100644 --- a/aws-ecsfargate-terraform/README.md +++ b/aws-ecsfargate-terraform/README.md @@ -4,7 +4,7 @@ This guide will run you through a deployment of the 1Password SCIM bridge to you Note that due to the highly advanced and customizable nature of Fargate, this is only a suggested starting point. You may modify it to your needs to fit within your existing infrastructure. -# Prerequisites +## Prerequisites Before beginning, familiarize yourself with [PREPARATION.md](/PREPARATION.md) and complete the necessary steps there. @@ -20,13 +20,17 @@ See [Terraform AWS Authentication](https://registry.terraform.io/providers/hashi ## Configuration -1. Copy `terraform.tfvars.template` to `terraform.tfvars`: +### Copy Configuration + +Copy `terraform.tfvars.template` to `terraform.tfvars`: ```bash cp terraform.tfvars.template terraform.tfvars ``` -2. Copy the `scimsession` file in the terraform code directory: +### Copy `scimsession` File + +Copy the `scimsession` file in the terraform code directory: ```bash cp /path/to/scimsession ./ @@ -42,9 +46,13 @@ cat /path/to/scimsession | base64 # copy the output to Secrets Manager ``` -3. Create a region entry in `terraform.tfvars` for what region you're deploying in (default is `us-east-1`). +### (Optional) Region -4. (Optional) Save the full domain name you want to use as domain_name in `terraform.tfvars`: +Create a region entry in `terraform.tfvars` for what region you're deploying in (default is `us-east-1`). + +### (Optional) Domain Name + +Save the full domain name you want to use as domain_name in `terraform.tfvars`: With the SCIM bridge, you have two options for securing it with TLS: @@ -59,7 +67,9 @@ Otherwise, if you _are_ using Certificate Manager, you can skip this step. domain_name = "scim-bridge.yourcompany.com" ``` -5. (Optional) If you use Route53, save the Route53 zone ID in the `terraform.tfvars`: +### (Optional) Route53 + +If you use Route53, save the Route53 zone ID in the `terraform.tfvars`: ``` dns_zone_id = "EXAMPLE123" @@ -86,11 +96,15 @@ After a few minutes and the DNS update has had time to take effect, go to the SC Connect to your Identity Provider following [the remainder of our setup guide](https://support.1password.com/scim/#step-2-deploy-the-scim-bridge). -## Logs +## Troubleshooting + +### Logs If you want to view the logs for your SCIM bridge within AWS, go to **Cloudwatch -> Log Groups** and you should see the log group that was printed out at the end of your `terraform apply`. Look for `scim-bridge` and `redis` for your logs in this section. -## Troubleshooting +### Specific Issues + +#### Prompted to Sign In If you browse to the domain name of your SCIM bridge and are met with a `Sign In With 1Password` link, this means the `scimsession` file was not properly installed. Due to the nature of the ECS deployment, **this “sign in” option cannot be used** complete the setup of your SCIM bridge.